I am working on the Zulucrypt 7.0.0 update and SPDX license audit at the same time, and there is one license listed in their copyright file that isn't obvious to me. Specifically, it is the generic_xts files included in the bundled tcplay (https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcp...). It is bundled because upstream has made changes to it, and also we no longer have tcplay in Fedora (it was retired 5 years ago for FTBFS).
The file header says:
/* * Copyright (C) 2008, Damien Miller * Copyright (C) 2011, Alex Hornung * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */
Is it appropriate to list this under the GPL in the license tag, or does this need its own licenseref in Fedora? (I already have tags for GPL-3.0-or-later AND GPL-2.0-or-later anyway).
On Mon, Aug 26, 2024 at 9:48 AM Ian McInerney ian.s.mcinerney@ieee.org wrote:
I am working on the Zulucrypt 7.0.0 update and SPDX license audit at the same time, and there is one license listed in their copyright file that isn't obvious to me. Specifically, it is the generic_xts files included in the bundled tcplay (https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcp...). It is bundled because upstream has made changes to it, and also we no longer have tcplay in Fedora (it was retired 5 years ago for FTBFS).
The file header says:
/*
- Copyright (C) 2008, Damien Miller
- Copyright (C) 2011, Alex Hornung
- Permission to use, copy, and modify this software with or without fee
- is hereby granted, provided that this entire notice is included in
- all copies of any software which is or includes a copy or
- modification of this software.
- You may use this code under the GNU public license if you so wish. Please
- contribute changes back to the authors under this freer than GPL license
- so that we may further the use of strong encryption without limitations to
- all.
- THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
- IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
- REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
- MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- PURPOSE.
*/
Is it appropriate to list this under the GPL in the license tag, or does this need its own licenseref in Fedora? (I already have tags for GPL-3.0-or-later AND GPL-2.0-or-later anyway).
Please submit this as a new license for review at gitlab.com/fedora/legal/fedora-license-data.
Richard
Richard Fontana wrote:
On Mon, Aug 26, 2024 at 9:48 AM Ian McInerney ian.s.mcinerney@ieee.org wrote:
I am working on the Zulucrypt 7.0.0 update and SPDX license audit at the same time, and there is one license listed in their copyright file that isn't obvious to me. Specifically, it is the generic_xts files included in the bundled tcplay (https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcp...). It is bundled because upstream has made changes to it, and also we no longer have tcplay in Fedora (it was retired 5 years ago for FTBFS). The file header says: /*
Copyright (C) 2008, Damien Miller Copyright (C) 2011, Alex Hornung
Permission to use, copy, and modify this software with or without fee is hereby granted, provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software. You may use this code under the GNU public license if you so wish. Please contribute changes back to the authors under this freer than GPL license so that we may further the use of strong encryption without limitations to all.
THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
*/ Is it appropriate to list this under the GPL in the license tag, or does this need its own licenseref in Fedora? (I already have tags for GPL-3.0-or-later AND GPL-2.0-or-later anyway). Please submit this as a new license for review at
gitlab.com/fedora/legal/fedora-license-data.
Submitted ticket https://gitlab.com/fedora/legal/fedora-license-data/-/issues/561 for review.
Thanks, -Ian